I am trying to write a client that supports Exchange Active Sync policies. Right now I am having difficulty implementing the Provision step. I’ve been following the Microsoft documentation and have checked several other examples, and I think I am making the right steps.
First, I send a Provision Cmd, which does return a policy with a temporary policy key.
Second, I send a second Provision Cmd with the policy key from Step 1. The response to this acknowledgment, however, looks the same as the response from Step 1. This leads me to believe the acknowledgement is not really happening.
Trying other Cmds, like FolderSync, afterwards results in a response with Status Code 142 (DeviceNotProvisioned), which indicates the server thinks I’m not provisioned.
I am able to use the EAS protocol successfully (syncing emails, calendar, etc.) if there is no policy enforced by the server for my user. So I believe Exchange is set up properly. It must be something wrong with how I am doing the Provision dance.
Step 1: First Provision Request:
Request:
POST /Microsoft-Server-ActiveSync?User=user8&DeviceId=482049E2C44C47E38438410E418E9B02&DeviceType=iPhone&Cmd=Provision HTTP/1.1
Host: mail.blahtest.com
Content-Type: application/vnd.ms-sync.wbxml
X-MS-PolicyKey: 3769048351
Content-Length: 85
Connection: close
Proxy-Connection: close
Cookie: X-BackEndCookie=S-1-5-21-1158204237-3780276595-2398335240-1113=u56Lnp2ejJqBm5nNx8bOyZ3Sz5ubyNLLns7G0saazszSzZudnJmcmsbHzszNgYHOztDOz9DNz87L38bFysfFy8nfr7I=
User-Agent: CS Mail/1.0.5 (iPhone Simulator; iOS 8.1; Scale/2.00)
MS-ASProtocolVersion: 14.1
Authorization: Basic <snip>
Accept-Encoding: gzip

<?xml version="1.0" encoding="utf-8"?>
<provision:Provision xmlns:provision="Provision:" xmlns:settings="Settings:">
<settings:DeviceInformation>
<settings:Set>
<settings:Model>iPhone Simulator</settings:Model>
<settings:OS>iPhone OS8.1</settings:OS>
</settings:Set>
</settings:DeviceInformation>
<provision:Policies>
<provision:Policy>
<provision:PolicyType>MS-EAS-Provisioning-WBXML</provision:PolicyType>
</provision:Policy>
</provision:Policies>
</provision:Provision>
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-sync.wbxml
Content-Encoding: gzip
request-id: 51d04ea0-a14d-4ec7-8784-39e46668eb2a
X-TargetBEServer: blahtest.blahtest.com
X-DiagInfo: blahtest
Set-Cookie: X-BackEndCookie=S-1-5-21-1158204237-3780276595-2398335240-1113=u56Lnp2ejJqBm5nNx8bOyZ3Sz5ubyNLLns7G0saazszSzZudnJmcmsbHzszNgYHOztDOz9DNz87L38bFysfFy8nfr7I=; expires=Mon, 10-Nov-2014 21:58:46 GMT; path=/Microsoft-Server-ActiveSync; secure; HttpOnly
X-FEServer: blahtest
Date: Mon, 10 Nov 2014 21:48:46 GMT
Connection: close
Content-Length: 342

<?xml version="1.0"?>
<provision:Provision xmlns:airsync="AirSync" xmlns:provision="Provision" xmlns:settings="Settings">
<settings:DeviceInformation>
<settings:Status>1</settings:Status>
</settings:DeviceInformation>
<provision:Status>1</provision:Status>
<provision:Policies>
<provision:Policy>
<provision:PolicyType>MS-EAS-Provisioning-WBXML</provision:PolicyType>
<provision:Status>1</provision:Status>
<provision:PolicyKey>3769048351</provision:PolicyKey>
<provision:Data>
<provision:EASProvisionDoc>
<provision:DevicePasswordEnabled>1</provision:DevicePasswordEnabled>
<provision:AlphanumericDevicePasswordRequired>0</provision:AlphanumericDevicePasswordRequired>
<provision:PasswordRecoveryEnabled>0</provision:PasswordRecoveryEnabled>
<provision:RequireStorageCardEncryption>0</provision:RequireStorageCardEncryption>
<provision:AttachmentsEnabled>1</provision:AttachmentsEnabled>
<provision:MinDevicePasswordLength/>
<provision:MaxInactivityTimeDeviceLock>300</provision:MaxInactivityTimeDeviceLock>
<provision:MaxDevicePasswordFailedAttempts>5</provision:MaxDevicePasswordFailedAttempts>
<provision:MaxAttachmentSize/>
<provision:AllowSimpleDevicePassword>1</provision:AllowSimpleDevicePassword>
<provision:DevicePasswordExpiration/>
<provision:DevicePasswordHistory>0</provision:DevicePasswordHistory>
<provision:AllowStorageCard>1</provision:AllowStorageCard>
<provision:AllowCamera>1</provision:AllowCamera>
<provision:RequireDeviceEncryption>0</provision:RequireDeviceEncryption>
<provision:AllowUnsignedApplications>1</provision:AllowUnsignedApplications>
<provision:AllowUnsignedInstallationPackages>1</provision:AllowUnsignedInstallationPackages>
<provision:MinDevicePasswordComplexCharacters>3</provision:MinDevicePasswordComplexCharacters>
<provision:AllowWiFi>1</provision:AllowWiFi>
<provision:AllowTextMessaging>1</provision:AllowTextMessaging>
<provision:AllowPOPIMAPEmail>1</provision:AllowPOPIMAPEmail>
<provision:AllowBluetooth>2</provision:AllowBluetooth>
<provision:AllowIrDA>1</provision:AllowIrDA>
<provision:RequireManualSyncWhenRoaming>0</provision:RequireManualSyncWhenRoaming>
<provision:AllowDesktopSync>1</provision:AllowDesktopSync>
<provision:MaxCalendarAgeFilter>0</provision:MaxCalendarAgeFilter>
<provision:AllowHTMLEmail>1</provision:AllowHTMLEmail>
<provision:MaxEmailAgeFilter>0</provision:MaxEmailAgeFilter>
<provision:MaxEmailBodyTruncationSize>-1</provision:MaxEmailBodyTruncationSize>
<provision:MaxEmailHTMLBodyTruncationSize>-1</provision:MaxEmailHTMLBodyTruncationSize>
<provision:RequireSignedSMIMEMessages>0</provision:RequireSignedSMIMEMessages>
<provision:RequireEncryptedSMIMEMessages>0</provision:RequireEncryptedSMIMEMessages>
<provision:RequireSignedSMIMEAlgorithm>0</provision:RequireSignedSMIMEAlgorithm>
<provision:RequireEncryptionSMIMEAlgorithm>0</provision:RequireEncryptionSMIMEAlgorithm>
<provision:AllowSMIMEEncryptionAlgorithmNegotiation>2</provision:AllowSMIMEEncryptionAlgorithmNegotiation>
<provision:AllowSMIMESoftCerts>1</provision:AllowSMIMESoftCerts>
<provision:AllowBrowser>1</provision:AllowBrowser>
<provision:AllowConsumerEmail>1</provision:AllowConsumerEmail>
<provision:AllowRemoteDesktop>1</provision:AllowRemoteDesktop>
<provision:AllowInternetSharing>1</provision:AllowInternetSharing>
<provision:UnapprovedInROMApplicationList/>
<provision:ApprovedApplicationList/>
</provision:EASProvisionDoc>
</provision:Data>
</provision:Policy>
</provision:Policies>
</provision:Provision>
Step 2: Second Provision (meant to be the acknowledgement):
Request:
POST /Microsoft-Server-ActiveSync?User=user8&DeviceId=482049E2C44C47E38438410E418E9B02&DeviceType=iPhone&Cmd=Provision HTTP/1.1
Host: mail.blahtest.com
Content-Type: application/vnd.ms-sync.wbxml
X-MS-PolicyKey: 3769048351
Content-Length: 85
Cookie: X-BackEndCookie=S-1-5-21-1158204237-3780276595-2398335240-1113=u56Lnp2ejJqBm5nNx8bOyZ3Sz5ubyNLLns7G0saazszSzZudnJmcmsbHzszNgYHOztDOz9DNz87L38bFysfFy8nfr7I=
User-Agent: CS Mail/1.0.5 (iPhone Simulator; iOS 8.1; Scale/2.00)
MS-ASProtocolVersion: 14.1
Authorization: Basic <snip>
Accept-Encoding: gzip

<?xml version="1.0" encoding="utf-8"?>
<provision:Provision xmlns:provision="Provision:">
<provision:Policies>
<provision:Policy>
<provision:PolicyType>MS-EAS-Provisioning-WBXML</provision:PolicyType>
<provision:PolicyKey>3769048351</provision:PolicyKey>
<provision:Status>1</provision:Status>
</provision:Policy>
</provision:Policies>
</provision:Provision>
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-sync.wbxml
Content-Encoding: gzip
request-id: 3f9b10d1-2012-4df0-93c2-427cb37b8dfd
X-TargetBEServer: blahtest.blahtest.com
X-DiagInfo: blahtest
Set-Cookie: X-BackEndCookie=S-1-5-21-1158204237-3780276595-2398335240-1113=u56Lnp2ejJqBm5nNx8bOyZ3Sz5ubyNLLns7G0saazszSzZudnJmcmsbHzszNgYHOztDOz9DNz87L387Pxc/Nxc3K36+y; expires=Mon, 10-Nov-2014 22:02:25 GMT; path=/Microsoft-Server-ActiveSync; secure; HttpOnly
X-FEServer: blahtest
Date: Mon, 10 Nov 2014 21:52:25 GMT
Connection: close
Content-Length: 342

<?xml version="1.0"?>
<provision:Provision xmlns:airsync="AirSync" xmlns:provision="Provision" xmlns:settings="Settings">
<settings:DeviceInformation>
<settings:Status>1</settings:Status>
</settings:DeviceInformation>
<provision:Status>1</provision:Status>
<provision:Policies>
<provision:Policy>
<provision:PolicyType>MS-EAS-Provisioning-WBXML</provision:PolicyType>
<provision:Status>1</provision:Status>
<provision:PolicyKey>3769048351</provision:PolicyKey>
<provision:Data>
<provision:EASProvisionDoc>
<provision:DevicePasswordEnabled>1</provision:DevicePasswordEnabled>
<provision:AlphanumericDevicePasswordRequired>0</provision:AlphanumericDevicePasswordRequired>
<provision:PasswordRecoveryEnabled>0</provision:PasswordRecoveryEnabled>
<provision:RequireStorageCardEncryption>0</provision:RequireStorageCardEncryption>
<provision:AttachmentsEnabled>1</provision:AttachmentsEnabled>
<provision:MinDevicePasswordLength/>
<provision:MaxInactivityTimeDeviceLock>300</provision:MaxInactivityTimeDeviceLock>
<provision:MaxDevicePasswordFailedAttempts>5</provision:MaxDevicePasswordFailedAttempts>
<provision:MaxAttachmentSize/>
<provision:AllowSimpleDevicePassword>1</provision:AllowSimpleDevicePassword>
<provision:DevicePasswordExpiration/>
<provision:DevicePasswordHistory>0</provision:DevicePasswordHistory>
<provision:AllowStorageCard>1</provision:AllowStorageCard>
<provision:AllowCamera>1</provision:AllowCamera>
<provision:RequireDeviceEncryption>0</provision:RequireDeviceEncryption>
<provision:AllowUnsignedApplications>1</provision:AllowUnsignedApplications>
<provision:AllowUnsignedInstallationPackages>1</provision:AllowUnsignedInstallationPackages>
<provision:MinDevicePasswordComplexCharacters>3</provision:MinDevicePasswordComplexCharacters>
<provision:AllowWiFi>1</provision:AllowWiFi>
<provision:AllowTextMessaging>1</provision:AllowTextMessaging>
<provision:AllowPOPIMAPEmail>1</provision:AllowPOPIMAPEmail>
<provision:AllowBluetooth>2</provision:AllowBluetooth>
<provision:AllowIrDA>1</provision:AllowIrDA>
<provision:RequireManualSyncWhenRoaming>0</provision:RequireManualSyncWhenRoaming>
<provision:AllowDesktopSync>1</provision:AllowDesktopSync>
<provision:MaxCalendarAgeFilter>0</provision:MaxCalendarAgeFilter>
<provision:AllowHTMLEmail>1</provision:AllowHTMLEmail>
<provision:MaxEmailAgeFilter>0</provision:MaxEmailAgeFilter>
<provision:MaxEmailBodyTruncationSize>-1</provision:MaxEmailBodyTruncationSize>
<provision:MaxEmailHTMLBodyTruncationSize>-1</provision:MaxEmailHTMLBodyTruncationSize>
<provision:RequireSignedSMIMEMessages>0</provision:RequireSignedSMIMEMessages>
<provision:RequireEncryptedSMIMEMessages>0</provision:RequireEncryptedSMIMEMessages>
<provision:RequireSignedSMIMEAlgorithm>0</provision:RequireSignedSMIMEAlgorithm>
<provision:RequireEncryptionSMIMEAlgorithm>0</provision:RequireEncryptionSMIMEAlgorithm>
<provision:AllowSMIMEEncryptionAlgorithmNegotiation>2</provision:AllowSMIMEEncryptionAlgorithmNegotiation>
<provision:AllowSMIMESoftCerts>1</provision:AllowSMIMESoftCerts>
<provision:AllowBrowser>1</provision:AllowBrowser>
<provision:AllowConsumerEmail>1</provision:AllowConsumerEmail>
<provision:AllowRemoteDesktop>1</provision:AllowRemoteDesktop>
<provision:AllowInternetSharing>1</provision:AllowInternetSharing>
<provision:UnapprovedInROMApplicationList/>
<provision:ApprovedApplicationList/>
</provision:EASProvisionDoc>
</provision:Data>
</provision:Policy>
</provision:Policies>
</provision:Provision>
Step 3 (fails with status 142): Next Commands, one example is FolderSync:
Request:
POST /Microsoft-Server-ActiveSync?User=user8&DeviceId=482049E2C44C47E38438410E418E9B02&DeviceType=iPhone&Cmd=FolderSync HTTP/1.1
Host: mail.blahtest.com
Content-Type: application/vnd.ms-sync.wbxml
X-MS-PolicyKey: 3769048351
Content-Length: 13
Connection: close
Proxy-Connection: close
Cookie: X-BackEndCookie=S-1-5-21-1158204237-3780276595-2398335240-1113=u56Lnp2ejJqBm5nNx8bOyZ3Sz5ubyNLLns7G0saazszSzZudnJmcmsbHzszNgYHOztDOz9DNz87L387Pxc/Nxc3K36+y
User-Agent: CS Mail/1.0.5 (iPhone Simulator; iOS 8.1; Scale/2.00)
MS-ASProtocolVersion: 14.1
Authorization: Basic <snip>
Accept-Encoding: gzip
Response gives a status of 142 (DeviceNotProvisioned), which leads me to believe the acknowledgement didn’t happen correctly.
I might be wrong but I think the X-MS-PolicyKey header on the second request should be:
X-MS-PolicyKey: 0
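A client can detect the symptom described in the question before it sends FolderSync by comparing the decoded acknowledgement response with the first Provision response. The following is an added example, not code from either post; it assumes, per the MS-ASPROV two-phase flow, that a successful acknowledgement response returns a new final policy key and no policy document, and the function names and the GOOD_ACK sample are made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: INITIAL is the page's Step 1 response trimmed to one setting;
# GOOD_ACK is a hypothetical successful result with a placeholder final key.
INITIAL = """<provision:Provision xmlns:provision="Provision">
<provision:Policies><provision:Policy>
<provision:PolicyType>MS-EAS-Provisioning-WBXML</provision:PolicyType>
<provision:Status>1</provision:Status>
<provision:PolicyKey>3769048351</provision:PolicyKey>
<provision:Data><provision:EASProvisionDoc>
<provision:DevicePasswordEnabled>1</provision:DevicePasswordEnabled>
</provision:EASProvisionDoc></provision:Data>
</provision:Policy></provision:Policies>
</provision:Provision>"""
GOOD_ACK = """<provision:Provision xmlns:provision="Provision">
<provision:Policies><provision:Policy>
<provision:PolicyType>MS-EAS-Provisioning-WBXML</provision:PolicyType>
<provision:Status>1</provision:Status>
<provision:PolicyKey>1111111111</provision:PolicyKey>
</provision:Policy></provision:Policies>
</provision:Provision>"""

def summarize(xml_text):
    """Pull PolicyKey, per-policy Status and Data presence from a decoded response."""
    out = {"policy_key": None, "policy_status": None, "has_policy_doc": False}
    for elem in ET.fromstring(xml_text.strip()).iter():
        if elem.tag.rsplit("}", 1)[-1] != "Policy":
            continue
        for child in elem:
            name = child.tag.rsplit("}", 1)[-1]  # ignore namespace spelling
            if name == "PolicyKey":
                out["policy_key"] = (child.text or "").strip()
            elif name == "Status":
                out["policy_status"] = (child.text or "").strip()
            elif name == "Data":
                out["has_policy_doc"] = True
    return out

def diagnose_ack(initial_xml, ack_xml):
    """Return (key to use for later commands or None, list of problems)."""
    first, second = summarize(initial_xml), summarize(ack_xml)
    problems = []
    if second["policy_status"] != "1":
        problems.append("policy status is %s, not 1" % second["policy_status"])
    if second["policy_key"] == first["policy_key"]:
        problems.append("policy key unchanged from the temporary key")
    if second["has_policy_doc"]:
        problems.append("policy document present, as in a first-phase response")
    return (None if problems else second["policy_key"]), problems
```

Feeding the Step 1 response in as both arguments reproduces the situation in the question: no usable key comes back, and the client should stop rather than send FolderSync with the temporary key.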